%
% Copyright (C) Håkan Lindqvist 2006, 2007.
% May be copied freely for educational and personal use. Any other use
% needs my written consent (i.e. no commercial use without my approval).
%

% Contains the definitions used throughout the thesis. Also contains
% simple examples of them.

\label{chapter:basic definitions}

% intial small talk
Mathematical formalism is necessary for the discussion, and
therefore there is a need for precise definitions of the entities that are
discussed. The more general definitions used will be presented here, with 
a few examples to make the meaning of each of the definitions clear on an
informal level. Unless explicitly stated, all definitions are adopted
from~\cite{Andersson, Bishop}.

The discussion in the section on access control matrix constitutes the
foundation for the theory of access control, a topic that will be
discussed more in later chapters.

%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Fundamental components}
\label{basics:fundamental components}
The widest term used is that of a \texttt{system}. It encapsulates the
collection of all parts that make up a functional unit of some kind,
for example a networked set of computer, their users, administrators,
usage regulations and so forth. The definition of a \texttt{system} is:

\begin{definition}
\label{definition:system}
\index{definition!system} \index{system}
A \texttt{system} is an ordered set made up of, in this order:
    \begin{enumerate}
     \item Products or components
     \item Operating system, communications and all things that make up
           an organisation's infrastructure
     \item Applications
     \item IT staff
     \item Internal users and management
     \item Customers and external users
     \item The surrounding environment
    \end{enumerate}
\end{definition}

Notice how the definition starts at the core of any organisation's
machine setup and works outwards, encapsulating components that are
depending on the inner layers. This multilayer view of things is a
common way of looking on security, and the importance of each layer will 
become clear in later chapters. One could say that the level of trust
decreases monotonically with each layer. The issue of trust is further 
elaborated upon in Section~\ref{chapter:tcb}.


%
% Subject & Object
There are certain entities that issue actions upon other
entities. Such an issuer of action is called a \texttt{subject}.
The definition used is:

\begin{definition}
\label{definition:subject}
\index{definition!subject} \index{subject}
A \texttt{subject} is a physical or legal entity in any role.
A \texttt{subject} $s$ is part of a set $S$.
\end{definition}

Note that this definition encapsulates many types of entities;
any organization and persons that are interacting with the system both
legally or in an illicit manner. That is, a \texttt{subject} is any
member of a system from layer $4$ and out.

The parts of a system that subjects interact with may either be other
\texttt{subjects}, or a passive component, called an \texttt{object}.

\begin{definition}
\label{definition:object}
\index{definition!object} \index{object}
A \texttt{object} is a passive entity in a system, typically acted upon
by a \texttt{subject}.
\end{definition}

%
The above definitions encapsulates many of the components on a low level
in a computer system, such as hardware, files and data structures. 
A wider definition that encapsulates more entities,
from several levels in Definition~\ref{definition:system},
is the notion of a \texttt{principal}~\cite{Andersson}:

%To encapsulate more parts of a system, in several
%of the levels defined in definition~\ref{definition:system},
%\cite{Andersson} also defines the notion of a \texttt{principal} as:

\begin{definition}
\label{definition:principal}
\index{definition!principal} \index{principal}
A \texttt{principal} is an entity that participates in a security
system.
\end{definition}

This means that a principal includes, but is not limited to,
\texttt{subjects}, \texttt{objects}, processes, a
role and any equipment in the system. The difference between a
\texttt{principal} and an arbitrary entity is that a \texttt{principal},
by definition, \emph{interacts} with a security \texttt{system}.

\newpage
%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Fundamental properties of a secure system}
The basis of computer security issues are made up of three fundamental
properties. They describe the accessibility of the system, the
correctness of any manipulation of any object on the system and to what
extent information considered sensitive is kept secret. The properties
are called \texttt{availability}, \texttt{integrity} and
\texttt{confidentiality} and they will be described in turn below. The
definitions are taken from~\cite{Andersson, Bishop}. Each section will
begin with a discussion, and proceed with the definition of the term.

% availability
\subsection{Availability}
One of the most basic aspects of a system is its \texttt{availability}.
If a subject is unable to utilize the services provided, it is useless
and effectively rendered non--existent to its users.

Consider the use of remote surgery using a telesurgical system~\cite{remote_surgery}; 
a surgeon is located at a remote
site, possibly in another country, than that of the patient.
It is of utmost importance that the responsiveness and
accuracy of this system is fast and correct. If the service on either
end would cease to respond, catastrophe may very well be
the result. In this extreme example of availability, all parts of the
resulting system used to perform the operation is of utmost importance
to guarantee the wellbeing of the patient. Any interruption in the
\texttt{availability} of the system's parts will make the
\texttt{availability} of the entire system to fail.

\begin{definition}
\label{definition:availability}
\index{definition!availability} \index{availability}
Let $X$ be a set of entities and $I$ be a resource. Then $I$ has the
property of \texttt{availability} with respect to $X$ if all members of
$X$ can access $I$.
\end{definition}

Note the use of the word ``entities'' in the definition. This word gives
the definition a bigger encapsulation than if the term \texttt{subject}
would have been used. This means that any part of the system may judge
upon whether some resource $I$ is available or not; it need not be
considered a subject to do so.
Another, basic but important, thing to notice about this definition is
that the \texttt{availability} is defined with respect to some well
defined set $X$, but that no restriction to the definition of the set
is given.


% condfidentiality
\subsection{Confidentiality}
To keep data and its existence secret is a problem that many
organisations put a significant amount of time and money into. To keep
data confidential is a major concern to, for example, intelligence
agencies
and the military, where information is often made available to personnel
on a ``need to know'' basis. Cryptography is an important part in the
implementation of confidential systems.

A sensitive example of the use for \texttt{confidentiality}, are the
medical records that are stored in medical databases. 
In these databases, information about ones emotional health, inherited
genetical diseases, HIV status and more is stored. Most people consider
this information to be very private and don't want anybody but perhaps
their doctor to know about it. This has good cause as many people have
been harassed and fired upon that their medical information has been
made public~\cite{Schneier}.

\begin{definition}
\label{definition:confidentiality}
\index{definition!confidentiality} \index{confidentiality}
Let $X$ be a set of entities and let $I$ be some information. Then $I$
has the property of \texttt{confidentiality} with respect to $X$ if no
member of $X$ can obtain information about $X$.
\end{definition}

Again, notice the use of the word ``entities'' and the use of the well
defined set $X$.

% integrity
\subsection{Integrity}
% Se Bishop p.100 
In most commercial environments, the integrity of information is
more important than to protect it from illicit access, although that too
is an important issue.
Consider for example the importance of integrity in a bank's transaction
records or the contents of a gas station's selling record.

There are two main categories of \texttt{integrity}--based mechanisms:
\begin{itemize}
 \item \texttt{detective} \texttt{integrity} mechanisms
 \item \texttt{preventive} \texttt{integrity} mechanisms
\end{itemize}

Detection mechanisms are used to detect any unauthorized modification to
information. The mechanism may give a detailed report under which
circumstances the information's \texttt{integrity} was affected: By whom
and what part of the information that was affected, or it may just
report that the data has been changed and mark the data as no longer
trustworthy.

Prevention mechanisms try to maintain the integrity of any information
by blocking any unauthorized attempts to modify it. This also includes
the case when a user that has been authorized to modify some information
in a certain way tries to alter it in an unauthorized manner.

\texttt{Integrity} may be one of the most important issues in today's
online world; Schneier \cite{Schneier} means that ``integrity is
about a
datum's relation to itself over time,'' and gives several examples of
why it gets more and more important. He says that today it is very easy
to forge an article so that it look genuine, like it came from some well
respected magazine. This makes it much more difficult to distinguish
false information from valid when obtained from an online source. 

Schneier provides a specific example of this, concerning trading with
stock: An employee of ParGain Technologies managed to post fake
takeover announcements, which were designed to look like they came from
the Bloomsberg news service. This had the effect of running the stock up
by 30 percent before the truth was unveiled.

\begin{definition}
\label{definition:intergrity}
\index{definition!integrity} \index{integrity}
Let $X$ be a set of entities and let $I$ be some information. Then $I$
has the property of \texttt{integrity} with respect to $X$ if all
members of $X$ trust $I$.
\end{definition}

Yet again, the word ``entities'' is used with respect to the well
defined set $X$. As was previously noted, the term trust is defined
in Section~\ref{tcb:trust}.


